Duties may include, but are not limited to:
Drive the development of solutions and coordinate and monitor remediation of all security gaps coming from a variety of sources
Act as a key liaison between IT management, agency liaisons, legal and auditors
Collect the monthly, quarterly and annual evidence required to support the audit process relative to access controls
Oversee internal and external vulnerability testing, risk analysis and assessment on a scheduled basis
Keep an inventory of all applications and track version and vulnerability risk
Formulate a roadmap for application upgrades and system refreshes
Establish plans and protocols to protect the information systems against unauthorized access
Maintain a central, controlled documentation reference library of security-related information (for example, policies, architecture, access and revocation request model, super user access, change management, and others as determined necessary)
Work with appropriate staff to discover and validate critical assets for the audit process using a discovery tool or other effective inventory model
Incident Response: Respond immediately to security-related incidents. Document and provide a thorough post-event analysis and follow up on recommendations
Institute organization-wide communications relative to security awareness, protocols and procedures
Collaborate with information security departments to improve security compliance, manage risk and improve effectiveness of the overall security program
Test and report on compliance levels and adherence to policies, standards and regulatory requirements
Provide guidance in defining and documenting secure design specifications and ensure alignment with enterprise standards
Share/leverage successful products, processes and best practices across the organization
Conduct security awareness training
Investigate security requirements and assist IT and business partners to understand and implement such requirements
Communicate with stakeholders and support teams to help improve the Company’s security posture and develop action plans to sufficiently address any identified risk
Provide ongoing troubleshooting, support, and maintenance of network and systems, including 24/7 on-call coverage as required